Export limit exceeded: 16510 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (16510 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3577 2 Apache, Redhat 18 Httpasyncclient, Httpclient, Enterprise Linux and 15 more 2025-04-12 N/A
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.
CVE-2014-3580 4 Apache, Apple, Debian and 1 more 9 Subversion, Xcode, Debian Linux and 6 more 2025-04-12 N/A
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.
CVE-2014-9425 3 Apple, Php, Redhat 3 Mac Os X, Php, Enterprise Linux 2025-04-12 N/A
Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2014-3587 3 Christos Zoulas, Php, Redhat 4 File, Php, Enterprise Linux and 1 more 2025-04-12 N/A
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
CVE-2013-4150 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openstack 2025-04-12 N/A
The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write.
CVE-2013-4151 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openstack 2025-04-12 N/A
The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write.
CVE-2014-3596 2 Apache, Redhat 3 Axis, Enterprise Linux, Jboss Enterprise Portal Platform 2025-04-12 N/A
The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.
CVE-2014-3601 5 Canonical, Linux, Opensuse and 2 more 7 Ubuntu Linux, Linux Kernel, Evergreen and 4 more 2025-04-12 N/A
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.
CVE-2014-3618 3 Canonical, Procmail, Redhat 3 Ubuntu Linux, Procmail, Enterprise Linux 2025-04-12 N/A
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."
CVE-2014-3621 3 Canonical, Openstack, Redhat 4 Ubuntu Linux, Keystone, Enterprise Linux and 1 more 2025-04-12 N/A
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.
CVE-2014-3631 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-12 N/A
The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.
CVE-2014-3633 3 Canonical, Libvirt, Redhat 3 Ubuntu Linux, Libvirt, Enterprise Linux 2025-04-12 N/A
The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.
CVE-2014-3640 4 Canonical, Debian, Qemu and 1 more 8 Ubuntu Linux, Debian Linux, Qemu and 5 more 2025-04-12 N/A
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.
CVE-2014-3645 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Eus 2025-04-12 N/A
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
CVE-2014-3669 2 Php, Redhat 4 Php, Enterprise Linux, Rhel Eus and 1 more 2025-04-12 N/A
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.
CVE-2014-3670 2 Php, Redhat 4 Php, Enterprise Linux, Rhel Eus and 1 more 2025-04-12 N/A
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.
CVE-2014-3675 1 Redhat 2 Enterprise Linux, Shim 2025-04-12 N/A
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
CVE-2014-3676 1 Redhat 2 Enterprise Linux, Shim 2025-04-12 N/A
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."
CVE-2014-3686 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2025-04-12 N/A
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.
CVE-2014-3687 8 Canonical, Debian, Linux and 5 more 15 Ubuntu Linux, Debian Linux, Linux Kernel and 12 more 2025-04-12 7.5 High
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.